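#
# SQUID CONFIGURATION
#
# Squid 3 proxy configuration (helper and error-page paths reference the
# Debian-style squid3 layout). Full-line comments start with '#'; Squid
# also accepts trailing '# ...' comments on directive lines, as used in the
# Safe_ports list below.
#
# Plain (non-TLS) listening port for proxy clients.
http_port 3128
# Hostname shown in error pages and in Via/X-Cache headers.
visible_hostname proxy
# Hide the client's source IP: with "off" Squid still sends an
# X-Forwarded-For header, but with the value "unknown". Use
# "forwarded_for delete" to strip the header entirely.
forwarded_for off
# Error messages in French (the directory selects the page language).
error_directory /usr/share/squid3/errors/French/
# Cache manager e-mail address; it is displayed to users on error pages.
cache_mgr christophe@leloup.local
#
# Caching Options
#
# Minimum object size: 0 (no lower bound).
minimum_object_size 0 KB
# Objects above this size are not cached; larger limits slow responses: 10MB.
maximum_object_size 10 MB
# Low-water mark for cache replacement (percent of cache_dir size).
cache_swap_low 90
# High-water mark for cache replacement (percent of cache_dir size).
cache_swap_high 98
# Maximum memory (RAM) used for in-transit and hot objects.
cache_mem 1 GB
# Largest object kept in memory rather than on disk.
maximum_object_size_in_memory 1 MB
#
# Connections Options
#
# Close the client connection as soon as the client half-closes it.
half_closed_clients off
# Do not reuse persistent connections towards origin servers.
server_persistent_connections off
# Allow persistent connections from clients.
client_persistent_connections on
# Maximum lifetime of a single client connection.
client_lifetime 1 day
# Timeouts: TCP connect to a server, waiting for a full request,
# waiting for the next request on a persistent connection, and
# waiting for data from a server.
connect_timeout 50 seconds
request_timeout 50 seconds
persistent_request_timeout 50 seconds
read_timeout 2 minutes
# Aborted downloads: whether Squid keeps fetching an object the client
# gave up on, decided by the remaining size (min/max) and the
# percentage already transferred.
quick_abort_min 20 KB
quick_abort_max 20 KB
# In percentage
quick_abort_pct 90
#
# DNS Options
#
# Upper limit on how long Squid will cache positive DNS responses.
positive_dns_ttl 6 hours
# Default Time-to-Live (TTL) for failed DNS lookups.
negative_dns_ttl 2 minutes
#
# Refresh Patterns
#
# Add any of your own refresh_pattern entries above these.
# Fields: regex, min (minutes), percent of object age, max (minutes).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
#
# LDAP & Kerberos (Active Directory) Authentication
#
### negotiate kerberos and ntlm authentication
# negotiate_wrapper hands each Negotiate token to either ntlm_auth or
# squid_kerb_auth. The "-d" and "--diagnostics" switches are debug
# options for the helpers; they increase log verbosity and are normally
# removed once the setup is working.
auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=LELOUP --kerberos /usr/local/bin/squid_kerb_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive off
### pure ntlm authentication
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=LELOUP
auth_param ntlm children 10
auth_param ntlm keep_alive off
### provide basic authentication via ldap for clients not authenticated via kerberos/ntlm
# basic_ldap_auth: -b search base, -D bind DN, -W file holding the bind
# password (keep it readable only by the Squid user), -f search filter
# where %s is the login name supplied by the client, -h LDAP server.
# Basic credentials arrive base64-encoded on the plain http_port above,
# so this scheme is only acceptable on a trusted network.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "dc=leloup,dc=local" -D squid@leloup.local -W /etc/squid3/ldappass.txt -f sAMAccountName=%s -h ad.leloup.local
auth_param basic children 10
# Realm string presented in the 407 challenge.
auth_param basic realm Internet Proxy
# How long a verified Basic credential is cached before the helper is
# asked again.
auth_param basic credentialsttl 1 minute
#
# ACL Definitions
#
# Matches any request carrying valid proxy credentials; REQUIRED means
# any authenticated user, not a specific list of names.
acl auth proxy_auth REQUIRED
# Ports CONNECT tunnels may target.
acl SSL_ports port 443
# Ports plain proxied requests may target.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# http_access Rules
#
# Rules are evaluated top to bottom; the first match decides.
### enforce authentication
# Refuse requests to ports outside Safe_ports.
http_access deny !Safe_ports
# Refuse CONNECT tunnels to anything but SSL_ports.
http_access deny CONNECT !SSL_ports
# Requests without valid credentials get a 407 challenge here.
http_access deny !auth
# Any authenticated user may use the proxy.
http_access allow auth
# NOTE(review): every request reaching this line has already been denied
# by "deny !auth" or allowed by "allow auth", so this rule never decides
# anything. Move it above "deny !auth" if unauthenticated local access is
# intended, or drop it.
http_access allow localhost
# Explicit catch-all. Squid's implicit default is the opposite of the
# last rule's action, so this spells out what the policy already was and
# keeps it stable if rules are appended later.
http_access deny all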